

Figure 1



Figure 2



Figure 3



Figure 4

x, y, z, as DUT/DUV inputs, are RV's



Figure 5



Figure 6



- sequential assumption constraints converted, by logic synthesis, into a gatelevel environment checker ("gate-level assumption representation")
- gate-level assumption représentation comprised of assumption pipelines and assumption gates that drive an assumption error output



## SECOND STEP (for formal methods):

702

- construct single "formal-verification-output" that combines the assumption-errordetecing gate-level assumption representation produced in the first step with assertion-monitoring circuitry for the DUT/DUV
- formal-verification-output indicates an error iff an assertion is violated by the DUT/DUV (e.g., "assertion error" becomes true) and it is not the case that the environmental constraints have ever been violated (e.g., "assumption error" is always false).
- Assuring that environmental constraints have never been violated can be modeled by feeding assumption error through a recirculating latch circuit before it is ANDed with assertion error.

SECOND STEP (for simulation):
convert gate-level assumption representation into a hybrid representation where assumption pipelines are simulated and the augmented assumption gates are converted into equivalent combinational assumption constraints

700

solution of equivalent combinational assumption constraints by a conventional combinational constraint solver produces an output behavior for the environment that is in accord with the sequential assumption constraints

## THIRD STEP (for simulation):

- identify deadend states and augment equivalent combinational assumption constraint set such that transitions into deadend states are avoided
- where DUT/DUV outputs drive the environment, strong deadend state avoidance may be needed

704

## FIGURE 7A



FIGURE 7B



FIGURE 8



FIGURE 9